Tuesday, August 26, 2008

A British data processing firm has launched an urgent review after a staff member sold a computer on eBay containing personal details of a million bank customers, a spokeswoman said today.

The computer was bought on the online auction site for STG35 ($A75) by Andrew Chapman, an IT manager from Oxford, in central England, who found the information on the computer's hard drive.

It included bank account numbers, phone numbers, mothers' maiden names and signatures of one million customers of American Express, NatWest and the Royal Bank of Scotland (RBS), the Independent newspaper reported.

It had belonged to data processing company Mail Source which is part of Graphic Data, a company that holds financial information for banks and other organisations.

A spokeswoman for Mail Source said the employee who sold the computer had made an "honest mistake" but insisted it had been an "isolated incident".

She said: "The computer was removed from our secure storage facility in Essex and sold on eBay.

"We know which employee took the server and sold it, but we believe it was an honest mistake and it was not intentional to sell it without the server being cleared.

"This is a very unfortunate incident and we are taking measures to ensure it will never happen again."

An RBS spokeswoman said: "Graphic Data has confirmed to us that one of their machines appears to have been inappropriately sold on via a third party.

"As a result, historical data relating to credit card applications from some of our customers and data from other banks were not removed.

"We take this issue extremely seriously and are working to resolve this regrettable loss with Graphic Data as a matter of urgency."

EBay said such an item should never have been sold on its site.

There have been a series of data security blunders in Britain in the past year.

In two of the most serious cases, the government admitted in November it had lost confidential records for 25 million Britons who receive child benefit payments, and in January, the Ministry of Defence revealed that a laptop with details of some 600,000 people interested in joining the armed forces had been stolen from a naval officer.